
Files Date: 2015-12-17

Joomla HTTP Header Unauthenticated Remote Code Execution
Posted Dec 17, 2015
Authored by Christian Mehlmauer, Marc-Alexandre Montpas | Site metasploit.com

Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it is possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.

tags | exploit, remote, php, code execution
systems | linux, debian, ubuntu
advisories | CVE-2015-8562
SHA-256 | 5a665a27f3d12ff63349cd4ca300cdf8e60e5919f5df2fde458870a5b8bac108
Gentoo QEMU Local Privilege Escalation
Posted Dec 17, 2015
Authored by zx2c4

Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAP_CHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This exploit should spawn a root shell, eventually, on vulnerable systems.

tags | exploit, shell, root
advisories | CVE-2015-8556
SHA-256 | 1e19e91a7c1729b5f293f8ceb076d4d844b703cbb48b10bd6f16f7fb62c5f677
EMC Isilon OneFS Security Privilege Escalation
Posted Dec 17, 2015
Site emc.com

EMC Isilon OneFS contains a privilege escalation vulnerability when SmartLock compliance mode is in use. In SmartLock compliance mode, the system is designed to prevent root-level user logins to the system. However, this security vulnerability allows OneFS users with administrative privileges to create root-level users and log in to the system.

tags | advisory, root
advisories | CVE-2015-4545
SHA-256 | f4f6d1a7ab19143caa64aabd4726e3e092c57198ac322964a7c8b8aafcb47f52
Apache Camel Java Object Deserialization
Posted Dec 17, 2015
Authored by Claus Ibsen

Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialization vulnerability.

tags | advisory, java
advisories | CVE-2015-5348
SHA-256 | 2dc9dd223b8636940a69a92a2c8ec700896baacff115824e13e45e41f355a595
Gentoo Linux Security Advisory 201512-02
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-2 - A vulnerability in IPython could result in execution of arbitrary JavaScript. Versions less than 3.2.1-r1 are affected.

tags | advisory, arbitrary, javascript
systems | linux, gentoo
advisories | CVE-2015-7337
SHA-256 | 602eab51ddd4b20b9c24db1a3a698f76e84e569b728c2455b0f878be507ba348
Red Hat Security Advisory 2015-2665-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2665-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.106, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-6792
SHA-256 | 038818a7be890b246a3237c4c06352a87f9d25899dca0c4f09b790698f9f76c6
Gentoo Linux Security Advisory 201512-01
Posted Dec 17, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201512-1 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.72-r2 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-3294
SHA-256 | 30a91cd4814a5a2c048a34695fee5c59ce22a6bd5ce21ccec15e04dba9849a93
Ubuntu Security Notice USN-2840-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7872
SHA-256 | 24c157bc5fb11507b05110e988d7bc8ac2a3a57436e0dee3534be4d8df1784a6
Ubuntu Security Notice USN-2843-3
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-3 - 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885
SHA-256 | 49334a6b730ea953bb24db7899076e4caa9a090dbe9937e4c72b50efb8cce3a4
Ubuntu Security Notice USN-2843-2
Posted Dec 17, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7799, CVE-2015-7872, CVE-2015-7884, CVE-2015-7885, CVE-2015-8104
SHA-256 | c5e55d2c73f862fc096ea1440ff05f9e135387c9eb19edd0e68e6a85dc021481
Red Hat Security Advisory 2015-2666-01
Posted Dec 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2666-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2015-3281
SHA-256 | c4327e8c7d421a0cbc4ff37663cdff357f709ac3ab9cbc77ba10759b1555132d
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
SHA-256 | ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
OLE DB Provider For Oracle DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object, Windows will try to load the DLLs oci.dll and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary, vulnerability
systems | windows
SHA-256 | 780d7323edb86b5d1ef9bec50bd1ae3f33562db71bf215b552d8c2ebc37b7cc4
Shockwave Flash Object DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
SHA-256 | 05acd97f15be7119fb1100ff641cd7b269e04fe167eaf70a9f77c55c83191102
Shutdown UX DLL Hijacking
Posted Dec 17, 2015
Authored by Yorick Koster, Securify B.V.

A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132
SHA-256 | b96ff440d177a2b1c8d194a3eeb5ba6a3405ca91223f3d328cdc4c4755b3ac20
PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service, xxe
advisories | CVE-2015-8549
SHA-256 | 939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
Easy File Sharing Web Server 7.2 GET SEH Buffer Overflow
Posted Dec 17, 2015
Authored by ArminCyber

Easy File Sharing web server version 7.2 GET HTTP request SEH buffer overflow exploit.

tags | exploit, web, overflow
SHA-256 | 11531bcaf1cf7e2104ff72682242f65db7e85fc9273d86643f6ce05ad57c55ff
Easy File Sharing Web Server 7.2 HEAD SEH Buffer Overflow
Posted Dec 17, 2015
Authored by ArminCyber

Easy File Sharing web server version 7.2 HEAD HTTP request SEH buffer overflow exploit.

tags | exploit, web, overflow
SHA-256 | 3a6358d83dfc7a3f2dbc81d614d72f450d1cf61c66790c5934bc1d4aa00345fc
Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7507, CVE-2015-7508
SHA-256 | c0939b0e25b9fa643a0b63b47d68e7bdfab3e7978f4d2f6956a53d8dd28806ec
Zen Cart 1.5.4 Local File Inclusion
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-8352
SHA-256 | 90d80bdc3f4d66ab1dcd931c5b4166fa1f6e20341a15274d3e8539e3d3478f36
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Posted Dec 17, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

orion.extfeedbackform Bitrix module version 2.1.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-8355
SHA-256 | eec9e7b4e30ebc71c095aa906c94d9c357af287f4a471dcf8ae2f104b0c822cd
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read
Posted Dec 17, 2015
Authored by Hans Jerry Illikainen

Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2015-7505, CVE-2015-7506
SHA-256 | d53a9d5fac2511420bc71e8fceb0367db6d018335d2f3c8a2c530b88f9f9e266
UserCake 1.3 Cross Site Scripting / Information Disclosure
Posted Dec 17, 2015
Authored by indoushka

UserCake version 1.3 suffers from cross site scripting and information disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | 10d514fadc218779aff15843e7d33dc078285978c36de580e9c1387fa0bef491
Tweet Nest 0.8 Open Redirect
Posted Dec 17, 2015
Authored by indoushka

Tweet Nest version 0.8 suffers from an open redirection vulnerability.

tags | exploit
SHA-256 | 9fbcbbff6b5f163ff851ee213358b525a2fcf885cfb4edbe54fa06560408af2d
WordPress Google Adsense 1.29 Cross Site Scripting
Posted Dec 17, 2015
Authored by Madhu Akula

WordPress Google Adsense plugin version 1.29 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 91ae5e20bfd384ccb99c94c01d36dc2bb377c4381f40ff924487ffbe7fa97a0c